From 2ed046269b2365f118206914c4dd73eac90a0552 Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Fri, 10 Jun 1994 19:48:12 +0000
Subject: [PATCH] Improve logging of failed logins Fix conditional support of V4 backwards compatibility. It was very broken!
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3727 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/bsd/krlogind.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index bd49f7feb..9b039eb70 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -107,9 +107,6 @@ static char sccsid[] = "@(#)rlogind.c 5.17 (Berkeley) 8/31/88";
 */
 #define LOG_REMOTE_REALM
 #define CRYPT
-#ifdef KRB5_KRB4_COMPAT
-#define SERVE_V4
-#endif
 #include
 #include
@@ -179,6 +176,8 @@ struct winsize {
 #undef BUFSIZ
 #endif
+#undef KRB5_KRB4_COMPAT
+
 int auth_sys = 0; /* Which version of Kerberos used to authenticate */
 #define KRB5_RECVAUTH_V4 4
@@ -1040,6 +1039,7 @@ do_krb_login(host)
 krb5_error_code status;
 struct passwd *pwd;
 int passed_krb, passed_rhosts;
+ char *msg_fail;
 passed_krb = passed_rhosts = 0;
@@ -1063,14 +1063,14 @@ do_krb_login(host)
 /* OK we have authenticated this user - now check authorization. */
 /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/
-#ifdef SERVE_V4
+#ifndef KRB5_KRB4_COMPAT
 if (auth_sys == KRB5_RECVAUTH_V4) {
 fatal(netf, "This server does not support Kerberos V4");
 }
 #endif
 if (must_pass_k5 || must_pass_one) {
-#if (defined(ALWAYS_V5_KUSEROK) || !defined(SERVE_V4))
+#if (defined(ALWAYS_V5_KUSEROK) || !defined(KRB5_KRB4_COMPAT))
 /* krb5_kuserok returns 1 if OK */
 if (client && krb5_kuserok(client, lusername)) passed_krb++;
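Review bot: The unconditional `#undef KRB5_KRB4_COMPAT` added ahead of `int auth_sys` carries no comment, and it overrides whatever the build configuration defined, so within this file the V4 path can never be compiled in. With it in effect the `#ifndef KRB5_KRB4_COMPAT` guard in do_krb_login always ends a V4-authenticated session with fatal(), and the `#ifdef KRB5_KRB4_COMPAT` sections in recvauth and around v4_des_read in the later hunks are dead code. Refusing V4 is the fail-closed outcome, but a reader cannot tell whether it is deliberate; I would add a line such as `/* Force V4 compatibility off in this file regardless of the build configuration. */` directly above the `#undef`. If the build setting is meant to be honored, the `#undef` should go instead.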
@@ -1105,11 +1105,18 @@ do_krb_login(host)
 if ((must_pass_k5 && passed_krb) || (must_pass_rhosts && passed_rhosts) || (must_pass_one && (passed_krb || passed_rhosts)))
- return;
+ return;
 if (ticket) krb5_free_ticket(ticket);
- fatal(netf, "User is not authorized to login to specified account");
+
+ msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 );
+ if (!msg_fail)
+ fatal(netf, "User is not authorized to login to specified account");
+ sprintf(msg_fail, "User %s is not authorized to login to account %s",
+ krusername, lusername);
+ fatal(netf, msg_fail);
+ /* NOTREACHED */
 }
@@ -1466,7 +1473,7 @@ recvauth()
 getstr(netf, lusername, sizeof (lusername), "locuser");
 getstr(netf, term, sizeof(term), "Terminal type");
-#ifdef SERVE_V4
+#ifdef KRB5_KRB4_COMPAT
 if (auth_sys == KRB5_RECVAUTH_V4) {
 des_read = v4_des_read;
@@ -1520,7 +1527,7 @@ recvauth()
 }
-#ifdef SERVE_V4
+#ifdef KRB5_KRB4_COMPAT
 int v4_des_read(fd, buf, len)
@@ -1654,5 +1661,5 @@ int len;
 return(len);
 }
-#endif /* SERVE_V4 */
+#endif /* KRB5_KRB4_COMPAT */
 #endif /* KERBEROS */
-- 
2.26.2
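Review bot: The failure message at the end of do_krb_login is now built from `krusername` and `lusername` with an unbounded `sprintf` and then passed to `fatal(netf, msg_fail)`, so client-influenced text of variable length reaches fatal() where a fixed literal went before (`lusername` is read from the connection by getstr in recvauth; `krusername` is presumably the client's principal name). The `+ 80` slack is larger than the literal part of the format, so the sprintf itself fits, but fatal() is outside this patch: if it copies its argument into a fixed-size buffer or uses it as a format string, a long or `%`-bearing name becomes a problem there, and that should be confirmed before merging. I would keep the size in a variable and bound the write, `len = strlen(krusername) + strlen(lusername) + 80;` followed by `snprintf(msg_fail, len, "User %s is not authorized to login to account %s", krusername, lusername);`. The `(char *)` cast on malloc is unnecessary in C, and do_krb_login begins outside the hunk.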